mirror of
git://git.gnupg.org/gnupg.git
synced 2024-11-13 22:08:52 +01:00
changed trustdb design
This commit is contained in:
parent
3c53ea75ce
commit
1a80de41a5
2
THANKS
2
THANKS
@ -14,7 +14,7 @@ Ernst Molitor ernst.molitor@uni-bonn.de
|
||||
Frank Heckenbach heckenb@mi.uni-erlangen.de
|
||||
Hendrik Buschkamp buschkamp@rheumanet.org
|
||||
Ian McKellar imckellar@harvestroad.com.au
|
||||
James Troup J.J.Troup@scm.brad.ac.uk
|
||||
James Troup james@nocrew.org
|
||||
Jean-loup Gailly gzip@prep.ai.mit.edu
|
||||
Jens Bachem bachem@rrz.uni-koeln.de
|
||||
Jörg Schilling schilling@fokus.gmd.de
|
||||
|
6
TODO
6
TODO
@ -33,12 +33,6 @@
|
||||
* add checking of armor trailers
|
||||
* remove all "Fixmes"
|
||||
|
||||
* bug: g10/trustdb.c#build_sigrecs called to often by do_list_path
|
||||
and remove the bad kludge. Maybe we should put all sigs into the trustdb
|
||||
and mark them as valid/invalid/nopubkey, and how do we check, that
|
||||
we have a self-signature -> put this stuff into a kind of directory
|
||||
record, as it does not belong to the pubkey record?
|
||||
|
||||
* add an option to create a new user id.
|
||||
|
||||
* add an option to re-create a public key from a secret key. Think about
|
||||
|
@ -100,7 +100,8 @@ Record type 3: (key record)
|
||||
1 byte reserved
|
||||
1 u32 LID
|
||||
1 u32 next - next key record
|
||||
8 bytes reserved
|
||||
7 bytes reserved
|
||||
1 byte keyflags
|
||||
1 byte pubkey algorithm
|
||||
1 byte length of the fingerprint (in bytes)
|
||||
20 bytes fingerprint of the public key
|
||||
@ -118,7 +119,8 @@ Record type 4: (uid record)
|
||||
1 u32 next next userid
|
||||
1 u32 pointer to preference record
|
||||
1 u32 siglist list of valid signatures
|
||||
2 byte reserved
|
||||
1 byte uidflags
|
||||
1 byte reserved
|
||||
20 bytes ripemd160 hash of the username.
|
||||
|
||||
|
||||
|
@ -1,3 +1,19 @@
|
||||
Tue Jul 21 14:37:09 1998 Werner Koch (wk@(none))
|
||||
|
||||
* import.c (import_one): Now creates a trustdb record.
|
||||
|
||||
* g10.c (main): New command --check-trustdb
|
||||
|
||||
Mon Jul 20 11:15:07 1998 Werner Koch (wk@(none))
|
||||
|
||||
* genkey.c (generate_keypair): Default key is now DSA with
|
||||
encryption only ElGamal subkey.
|
||||
|
||||
Thu Jul 16 10:58:33 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||
|
||||
* keyid.c (keyid_from_fingerprint): New.
|
||||
* getkey.c (get_pubkey_byfprint): New.
|
||||
|
||||
Tue Jul 14 18:09:51 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||
|
||||
* keyid.c (fingerprint_from_pk): Add argument and changed all callers.
|
||||
|
@ -6,7 +6,7 @@ OMIT_DEPENDENCIES = zlib.h zconf.h
|
||||
LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@
|
||||
needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
|
||||
|
||||
noinst_PROGRAMS = gpgd
|
||||
#noinst_PROGRAMS = gpgd
|
||||
bin_PROGRAMS = gpg gpgm
|
||||
|
||||
common_source = \
|
||||
@ -67,10 +67,10 @@ gpg_SOURCES = g10.c \
|
||||
gpgm_SOURCES = dearmor.c \
|
||||
$(common_source)
|
||||
|
||||
gpgd_SOURCES = gpgd.c \
|
||||
ks-proto.h \
|
||||
ks-proto.c \
|
||||
$(common_source)
|
||||
#gpgd_SOURCES = gpgd.c \
|
||||
# ks-proto.h \
|
||||
# ks-proto.c \
|
||||
# $(common_source)
|
||||
|
||||
|
||||
LDADD = @INTLLIBS@ $(needed_libs) @ZLIBS@
|
||||
|
@ -36,6 +36,14 @@ list-secret-keys
|
||||
export-secret-keys
|
||||
# export secret keys (which may be usefuil in some cases)
|
||||
|
||||
check-trustdb
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#-----------------------------------------------
|
||||
#--- options
|
||||
#-----------------------------------------------
|
||||
|
77
g10/g10.c
77
g10/g10.c
@ -52,43 +52,44 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ 300, NULL, 0, N_("@Commands:\n ") },
|
||||
|
||||
#ifdef IS_G10
|
||||
{ 's', "sign", 0, N_("|[file]|make a signature")},
|
||||
{ 539, "clearsign", 0, N_("|[file]|make a clear text signature") },
|
||||
{ 'b', "detach-sign", 0, N_("make a detached signature")},
|
||||
{ 'e', "encrypt", 0, N_("encrypt data")},
|
||||
{ 'c', "symmetric", 0, N_("encryption only with symmetric cipher")},
|
||||
{ 507, "store", 0, N_("store only")},
|
||||
{ 'd', "decrypt", 0, N_("decrypt data (default)")},
|
||||
{ 550, "verify" , 0, N_("verify a signature")},
|
||||
{ 's', "sign", 256, N_("|[file]|make a signature")},
|
||||
{ 539, "clearsign", 256, N_("|[file]|make a clear text signature") },
|
||||
{ 'b', "detach-sign", 256, N_("make a detached signature")},
|
||||
{ 'e', "encrypt", 256, N_("encrypt data")},
|
||||
{ 'c', "symmetric", 256, N_("encryption only with symmetric cipher")},
|
||||
{ 507, "store", 256, N_("store only")},
|
||||
{ 'd', "decrypt", 256, N_("decrypt data (default)")},
|
||||
{ 550, "verify" , 256, N_("verify a signature")},
|
||||
#endif
|
||||
{ 551, "list-keys", 0, N_("list keys")},
|
||||
{ 552, "list-sigs", 0, N_("list keys and signatures")},
|
||||
{ 508, "check-sigs",0, N_("check key signatures")},
|
||||
{ 515, "fingerprint", 0, N_("list keys and fingerprints")},
|
||||
{ 558, "list-secret-keys", 0, N_("list secret keys")},
|
||||
{ 551, "list-keys", 256, N_("list keys")},
|
||||
{ 552, "list-sigs", 256, N_("list keys and signatures")},
|
||||
{ 508, "check-sigs",256, N_("check key signatures")},
|
||||
{ 515, "fingerprint", 256, N_("list keys and fingerprints")},
|
||||
{ 558, "list-secret-keys", 256, N_("list secret keys")},
|
||||
#ifdef IS_G10
|
||||
{ 503, "gen-key", 0, N_("generate a new key pair")},
|
||||
{ 554, "add-key", 0, N_("add a subkey to a key pair")},
|
||||
{ 506, "sign-key" ,0, N_("make a signature on a key in the keyring")},
|
||||
{ 505, "delete-key",0, N_("remove key from the public keyring")},
|
||||
{ 524, "edit-key" ,0, N_("edit a key signature")},
|
||||
{ 525, "change-passphrase", 0, N_("change the passphrase of your secret keyring")},
|
||||
{ 542, "gen-revoke",0, N_("generate a revocation certificate")},
|
||||
{ 503, "gen-key", 256, N_("generate a new key pair")},
|
||||
{ 554, "add-key", 256, N_("add a subkey to a key pair")},
|
||||
{ 506, "sign-key" ,256, N_("make a signature on a key in the keyring")},
|
||||
{ 505, "delete-key",256, N_("remove key from the public keyring")},
|
||||
{ 524, "edit-key" ,256, N_("edit a key signature")},
|
||||
{ 525, "change-passphrase", 256, N_("change the passphrase of your secret keyring")},
|
||||
{ 542, "gen-revoke",256, N_("generate a revocation certificate")},
|
||||
#endif
|
||||
{ 537, "export" , 0, N_("export keys") },
|
||||
{ 563, "export-secret-keys" , 0, "@" },
|
||||
{ 537, "export" , 256, N_("export keys") },
|
||||
{ 563, "export-secret-keys" , 256, "@" },
|
||||
{ 565, "do-not-export-rsa", 0, "@" },
|
||||
{ 530, "import", 0 , N_("import/merge keys")},
|
||||
{ 521, "list-packets",0,N_("list only the sequence of packets")},
|
||||
{ 530, "import", 256 , N_("import/merge keys")},
|
||||
{ 521, "list-packets",256,N_("list only the sequence of packets")},
|
||||
#ifdef IS_G10MAINT
|
||||
{ 564, "list-ownertrust", 0, "list the ownertrust values"},
|
||||
{ 546, "dearmor", 0, N_("De-Armor a file or stdin") },
|
||||
{ 547, "enarmor", 0, N_("En-Armor a file or stdin") },
|
||||
{ 555, "print-md" , 0, N_("|algo [files]|print message digests")},
|
||||
{ 516, "print-mds" , 0, N_("print all message digests")},
|
||||
{ 564, "list-ownertrust", 256, N_("list the ownertrust values")},
|
||||
{ 567, "check-trustdb",0 , N_("|[NAMES]|check the trust database")},
|
||||
{ 546, "dearmor", 256, N_("De-Armor a file or stdin") },
|
||||
{ 547, "enarmor", 256, N_("En-Armor a file or stdin") },
|
||||
{ 555, "print-md" , 256, N_("|algo [files]|print message digests")},
|
||||
{ 516, "print-mds" , 256, N_("print all message digests")},
|
||||
#ifdef MAINTAINER_OPTIONS
|
||||
{ 513, "gen-prime" , 0, "@" },
|
||||
{ 548, "gen-random" , 0, "@" },
|
||||
{ 513, "gen-prime" , 256, "@" },
|
||||
{ 548, "gen-random" , 256, "@" },
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@ -143,6 +144,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
#ifdef IS_G10MAINT
|
||||
{ 514, "test" , 0, "@" },
|
||||
{ 564, "list-ownertrust",0 , "@"},
|
||||
{ 567, "check-trustdb",0 , "@"},
|
||||
{ 531, "list-trustdb",0 , "@"},
|
||||
{ 533, "list-trust-path",0, "@"},
|
||||
#endif
|
||||
@ -182,7 +184,7 @@ enum cmd_values { aNull = 0,
|
||||
aListSigs, aKeyadd, aListSecretKeys,
|
||||
aExport, aExportSecret,
|
||||
aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
|
||||
aListTrustDB, aListTrustPath, aListOwnerTrust,
|
||||
aCheckTrustDB, aListTrustDB, aListTrustPath, aListOwnerTrust,
|
||||
aDeArmor, aEnArmor, aGenRandom,
|
||||
aTest };
|
||||
|
||||
@ -195,7 +197,6 @@ static void set_cmd( enum cmd_values *ret_cmd,
|
||||
#ifdef IS_G10MAINT
|
||||
static void print_hex( byte *p, size_t n );
|
||||
static void print_mds( const char *fname, int algo );
|
||||
static void do_test(int);
|
||||
#endif
|
||||
|
||||
const char *
|
||||
@ -541,6 +542,7 @@ main( int argc, char **argv )
|
||||
#endif
|
||||
case 516: set_cmd( &cmd, aPrintMDs); break;
|
||||
case 531: set_cmd( &cmd, aListTrustDB); break;
|
||||
case 567: set_cmd( &cmd, aCheckTrustDB); break;
|
||||
case 533: set_cmd( &cmd, aListTrustPath); break;
|
||||
case 540: break; /* dummy */
|
||||
case 546: set_cmd( &cmd, aDeArmor); break;
|
||||
@ -1032,6 +1034,15 @@ main( int argc, char **argv )
|
||||
}
|
||||
break;
|
||||
|
||||
case aCheckTrustDB:
|
||||
if( !argc )
|
||||
check_trustdb(NULL);
|
||||
else {
|
||||
for( ; argc; argc--, argv++ )
|
||||
check_trustdb( *argv );
|
||||
}
|
||||
break;
|
||||
|
||||
case aListTrustPath:
|
||||
if( argc != 2 )
|
||||
wrong_args("--list-trust-path [-- -]<maxdepth> <username>");
|
||||
|
14
g10/getkey.c
14
g10/getkey.c
@ -464,6 +464,20 @@ get_pubkey_byname( PKT_public_key *pk, const char *name )
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Search for a key with the given fingerprint.
|
||||
*/
|
||||
int
|
||||
get_pubkey_byfprint( PKT_public_key *pk, const byte *fprint, size_t fprint_len)
|
||||
{
|
||||
int rc;
|
||||
|
||||
if( fprint_len == 20 || fprint_len == 16 )
|
||||
rc = lookup( pk, fprint_len, NULL, fprint, NULL );
|
||||
else
|
||||
rc = G10ERR_GENERAL; /* Oops */
|
||||
return rc;
|
||||
}
|
||||
|
||||
/****************
|
||||
* Search for a key with the given fingerprint and return the
|
||||
|
11
g10/import.c
11
g10/import.c
@ -381,6 +381,17 @@ import_one( const char *fname, KBNODE keyblock )
|
||||
else
|
||||
log_info_f(fname, _("key %08lX: not changed\n"), (ulong)keyid[1] );
|
||||
}
|
||||
if( !rc ) {
|
||||
rc = query_trust_record( pk_orig );
|
||||
if( rc && rc != -1 )
|
||||
log_error("trustdb error: %s\n", g10_errstr(rc) );
|
||||
else if( rc == -1 ) {
|
||||
rc = insert_trust_record( pk_orig );
|
||||
if( rc )
|
||||
log_error("key %08lX: trustdb insert failed: %s\n",
|
||||
(ulong)keyid[1], g10_errstr(rc) );
|
||||
}
|
||||
}
|
||||
|
||||
leave:
|
||||
release_kbnode( keyblock_orig );
|
||||
|
@ -112,6 +112,8 @@ void add_secret_keyring( const char *name );
|
||||
int get_pubkey( PKT_public_key *pk, u32 *keyid );
|
||||
int get_pubkey_byname( PKT_public_key *pk, const char *name );
|
||||
int get_seckey( PKT_secret_key *sk, u32 *keyid );
|
||||
int get_pubkey_byfprint( PKT_public_key *pk, const byte *fprint,
|
||||
size_t fprint_len );
|
||||
int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
|
||||
size_t fprint_len );
|
||||
int seckey_available( u32 *keyid );
|
||||
@ -125,12 +127,13 @@ int pubkey_letter( int algo );
|
||||
u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid );
|
||||
u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
|
||||
u32 keyid_from_sig( PKT_signature *sig, u32 *keyid );
|
||||
u32 keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid );
|
||||
unsigned nbits_from_pk( PKT_public_key *pk );
|
||||
unsigned nbits_from_sk( PKT_secret_key *sk );
|
||||
const char *datestr_from_pk( PKT_public_key *pk );
|
||||
const char *datestr_from_sk( PKT_secret_key *sk );
|
||||
const char *datestr_from_sig( PKT_signature *sig );
|
||||
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf; size_t *ret_len );
|
||||
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
|
||||
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
|
||||
|
||||
/*-- kbnode.c --*/
|
||||
|
@ -371,7 +371,7 @@ check_valid_days( const char *s )
|
||||
|
||||
|
||||
/****************
|
||||
* Returns o to create both a DSA and a ElGamal key.
|
||||
* Returns: 0 to create both a DSA and a ElGamal key.
|
||||
*/
|
||||
static int
|
||||
ask_algo( int *ret_v4, int addmode )
|
||||
@ -756,7 +756,7 @@ generate_keypair()
|
||||
|
||||
algo = ask_algo( &v4, 0 );
|
||||
if( !algo ) {
|
||||
algo = PUBKEY_ALGO_ELGAMAL;
|
||||
algo = PUBKEY_ALGO_ELGAMAL_E;
|
||||
both = 1;
|
||||
tty_printf(_("DSA keypair will have 1024 bits.\n"));
|
||||
}
|
||||
|
37
g10/keyid.c
37
g10/keyid.c
@ -189,6 +189,43 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Get the keyid from the fingerprint. This function is simple for most
|
||||
* keys, but has to do a keylookup for old stayle keys.
|
||||
*/
|
||||
u32
|
||||
keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid )
|
||||
{
|
||||
u32 dummy_keyid[2];
|
||||
|
||||
if( !keyid )
|
||||
keyid = dummy_keyid;
|
||||
|
||||
if( fprint_len != 20 ) {
|
||||
/* This is special as we have to lookup the key first */
|
||||
PKT_public_key pk;
|
||||
int rc;
|
||||
|
||||
memset( &pk, 0, sizeof pk );
|
||||
rc = get_pubkey_byfprint( &pk, fprint, fprint_len );
|
||||
if( rc ) {
|
||||
log_error("Oops: keyid_from_fingerprint: no pubkey\n");
|
||||
keyid[0] = 0;
|
||||
keyid[1] = 0;
|
||||
}
|
||||
else
|
||||
keyid_from_pk( &pk, keyid );
|
||||
}
|
||||
else {
|
||||
const byte *dp = fprint;
|
||||
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
|
||||
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
|
||||
}
|
||||
|
||||
return keyid[1];
|
||||
}
|
||||
|
||||
|
||||
u32
|
||||
keyid_from_sig( PKT_signature *sig, u32 *keyid )
|
||||
{
|
||||
|
@ -49,7 +49,7 @@ query_ownertrust( ulong lid )
|
||||
PKT_public_key *pk ;
|
||||
int changed=0;
|
||||
|
||||
rc = keyid_from_trustdb( lid, keyid );
|
||||
rc = keyid_from_lid( lid, keyid );
|
||||
if( rc ) {
|
||||
log_error("ooops: can't get keyid for lid %lu\n", lid);
|
||||
return 0;
|
||||
|
92
g10/tdbio.c
92
g10/tdbio.c
@ -147,11 +147,11 @@ create_db( const char *fname )
|
||||
fp =fopen( fname, "w" );
|
||||
if( !fp )
|
||||
log_fatal_f( fname, _("can't create %s: %s\n"), strerror(errno) );
|
||||
fwrite_8( fp, 2 );
|
||||
fwrite_8( fp, 1 ); /* record type */
|
||||
fwrite_8( fp, 'g' );
|
||||
fwrite_8( fp, 'p' );
|
||||
fwrite_8( fp, 'g' );
|
||||
fwrite_8( fp, 1 ); /* version */
|
||||
fwrite_8( fp, 2 ); /* version */
|
||||
fwrite_zeros( fp, 3 ); /* reserved */
|
||||
fwrite_32( fp, 0 ); /* not locked */
|
||||
fwrite_32( fp, make_timestamp() ); /* created */
|
||||
@ -183,11 +183,12 @@ open_db()
|
||||
|
||||
|
||||
void
|
||||
tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
|
||||
tdbio_dump_record( TRUSTREC *rec, FILE *fp )
|
||||
{
|
||||
int i, any;
|
||||
ulong rnum = rec->recnum;
|
||||
|
||||
fprintf(fp, "rec %5lu, type=", rnum );
|
||||
fprintf(fp, "rec %5lu, ", rnum );
|
||||
|
||||
switch( rec->rectype ) {
|
||||
case 0: fprintf(fp, "free\n");
|
||||
@ -201,30 +202,36 @@ tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
|
||||
rec->r.dir.uidlist,
|
||||
rec->r.dir.cacherec,
|
||||
rec->r.dir.ownertrust );
|
||||
if( rec->r.dir.sigflag == 1 )
|
||||
fputs(", (none)", fp );
|
||||
else if( rec->r.dir.sigflag == 2 )
|
||||
fputs(", (invalid)", fp );
|
||||
else if( rec->r.dir.sigflag == 3 )
|
||||
fputs(", (revoked)", fp );
|
||||
else if( rec->r.dir.sigflag )
|
||||
fputs(", (??)", fp );
|
||||
if( rec->r.dir.dirflags & DIRF_ERROR )
|
||||
fputs(", error", fp );
|
||||
if( rec->r.dir.dirflags & DIRF_CHECKED )
|
||||
fputs(", checked", fp );
|
||||
if( rec->r.dir.dirflags & DIRF_REVOKED )
|
||||
fputs(", revoked", fp );
|
||||
if( rec->r.dir.dirflags & DIRF_MISKEY )
|
||||
fputs(", miskey", fp );
|
||||
putc('\n', fp);
|
||||
break;
|
||||
case RECTYPE_KEY:
|
||||
fprintf(fp, "key %lu, next=%lu, algo=%d, flen=%d\n",
|
||||
fprintf(fp, "key %lu, next=%lu, algo=%d, flen=%d",
|
||||
rec->r.key.lid,
|
||||
rec->r.key.next,
|
||||
rec->r.key.pubkey_algo,
|
||||
rec->r.key.fingerprint_len );
|
||||
if( rec->r.key.keyflags & KEYF_REVOKED )
|
||||
fputs(", revoked", fp );
|
||||
putc('\n', fp);
|
||||
break;
|
||||
case RECTYPE_UID:
|
||||
fprintf(fp, "uid %lu, next=%lu, pref=%lu, sig=%lu, hash=%02X%02X\n",
|
||||
fprintf(fp, "uid %lu, next=%lu, pref=%lu, sig=%lu, hash=%02X%02X",
|
||||
rec->r.uid.lid,
|
||||
rec->r.uid.next,
|
||||
rec->r.uid.prefrec,
|
||||
rec->r.uid.siglist,
|
||||
rec->r.uid.namehash[18], rec->r.uid.namehash[19]);
|
||||
if( rec->r.uid.uidflags & UIDF_REVOKED )
|
||||
fputs(", revoked", fp );
|
||||
putc('\n', fp);
|
||||
break;
|
||||
case RECTYPE_PREF:
|
||||
fprintf(fp, "pref %lu, next=%lu\n",
|
||||
@ -253,11 +260,11 @@ tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
|
||||
case RECTYPE_HTBL:
|
||||
fprintf(fp, "htbl\n");
|
||||
break;
|
||||
case RECTYPE_HTBL:
|
||||
case RECTYPE_HLST:
|
||||
fprintf(fp, "hlst\n");
|
||||
break;
|
||||
default:
|
||||
fprintf(fp, "%d (unknown)\n", rec->rectype );
|
||||
fprintf(fp, "unknown type %d\n", rec->rectype );
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -330,7 +337,7 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
|
||||
rec->r.dir.uidlist = buftoulong(p); p += 4;
|
||||
rec->r.dir.cacherec = buftoulong(p); p += 4;
|
||||
rec->r.dir.ownertrust = *p++;
|
||||
rec->r.dir.sigflag = *p++;
|
||||
rec->r.dir.dirflags = *p++;
|
||||
if( rec->r.dir.lid != recnum ) {
|
||||
log_error_f( db_name, "dir LID != recnum (%lu,%lu)\n",
|
||||
rec->r.dir.lid, (ulong)recnum );
|
||||
@ -340,7 +347,8 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
|
||||
case RECTYPE_KEY: /* public key record */
|
||||
rec->r.key.lid = buftoulong(p); p += 4;
|
||||
rec->r.key.next = buftoulong(p); p += 4;
|
||||
p += 8;
|
||||
p += 7;
|
||||
rec->r.key.keyflags = *p++;
|
||||
rec->r.key.pubkey_algo = *p++;
|
||||
rec->r.key.fingerprint_len = *p++;
|
||||
if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 )
|
||||
@ -352,7 +360,8 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
|
||||
rec->r.uid.next = buftoulong(p); p += 4;
|
||||
rec->r.uid.prefrec = buftoulong(p); p += 4;
|
||||
rec->r.uid.siglist = buftoulong(p); p += 4;
|
||||
p += 2;
|
||||
rec->r.uid.uidflags = *p++;
|
||||
p ++;
|
||||
memcpy( rec->r.uid.namehash, p, 20);
|
||||
break;
|
||||
case RECTYPE_PREF: /* preference record */
|
||||
@ -413,14 +422,15 @@ tdbio_write_record( TRUSTREC *rec )
|
||||
ulongtobuf(p, rec->r.dir.uidlist); p += 4;
|
||||
ulongtobuf(p, rec->r.dir.cacherec); p += 4;
|
||||
*p++ = rec->r.dir.ownertrust;
|
||||
*p++ = rec->r.dir.sigflag;
|
||||
*p++ = rec->r.dir.dirflags;
|
||||
assert( rec->r.dir.lid == recnum );
|
||||
break;
|
||||
|
||||
case RECTYPE_KEY:
|
||||
ulongtobuf(p, rec->r.key.lid); p += 4;
|
||||
ulongtobuf(p, rec->r.key.next); p += 4;
|
||||
p += 8;
|
||||
p += 7;
|
||||
*p++ = rec->r.key.keyflags;
|
||||
*p++ = rec->r.key.pubkey_algo;
|
||||
*p++ = rec->r.key.fingerprint_len;
|
||||
memcpy( p, rec->r.key.fingerprint, 20); p += 20;
|
||||
@ -431,7 +441,8 @@ tdbio_write_record( TRUSTREC *rec )
|
||||
ulongtobuf(p, rec->r.uid.next); p += 4;
|
||||
ulongtobuf(p, rec->r.uid.prefrec); p += 4;
|
||||
ulongtobuf(p, rec->r.uid.siglist); p += 4;
|
||||
p += 2;
|
||||
*p++ = rec->r.uid.uidflags;
|
||||
p++;
|
||||
memcpy( p, rec->r.uid.namehash, 20 ); p += 20;
|
||||
break;
|
||||
|
||||
@ -472,6 +483,15 @@ tdbio_write_record( TRUSTREC *rec )
|
||||
return rc;
|
||||
}
|
||||
|
||||
int
|
||||
tdbio_delete_record( ulong recnum )
|
||||
{
|
||||
TRUSTREC rec;
|
||||
|
||||
rec.recnum = recnum;
|
||||
rec.rectype = 0;
|
||||
return tdbio_write_record( &rec );
|
||||
}
|
||||
|
||||
/****************
|
||||
* create a new record and return its record number
|
||||
@ -495,7 +515,8 @@ tdbio_new_recnum()
|
||||
* returns another recnum */
|
||||
memset( &rec, 0, sizeof rec );
|
||||
rec.rectype = 0; /* free record */
|
||||
rc = tdbio_write_record(recnum, &rec );
|
||||
rec.recnum = recnum;
|
||||
rc = tdbio_write_record( &rec );
|
||||
if( rc )
|
||||
log_fatal_f(db_name,_("failed to append a record: %s\n"),
|
||||
g10_errstr(rc));
|
||||
@ -530,10 +551,10 @@ tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec )
|
||||
if( rec->r.key.pubkey_algo == pk->pubkey_algo
|
||||
&& !memcmp(rec->r.key.fingerprint, fingerprint, fingerlen) ) {
|
||||
/* found: read the dir record for this key */
|
||||
rc = tdbio_read_record( rec->r.key.lid, rec, RECTYPE_DIR);
|
||||
recnum = rec->r.key.lid;
|
||||
rc = tdbio_read_record( recnum, rec, RECTYPE_DIR);
|
||||
if( rc )
|
||||
break;
|
||||
|
||||
if( pk->local_id && pk->local_id != recnum )
|
||||
log_error_f(db_name,
|
||||
"found record, but LID from memory does "
|
||||
@ -549,22 +570,13 @@ tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec )
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Delete the Userid UIDLID from DIRLID
|
||||
*/
|
||||
int
|
||||
tdbio_update_sigflag( ulong lid, int sigflag )
|
||||
tdbio_delete_uidrec( ulong dirlid, ulong uidlid )
|
||||
{
|
||||
TRUSTREC rec;
|
||||
|
||||
if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) {
|
||||
log_error("update_sigflag: read failed\n");
|
||||
return G10ERR_TRUSTDB;
|
||||
}
|
||||
|
||||
rec.r.dir.sigflag = sigflag;
|
||||
if( tdbio_write_record( lid, &rec ) ) {
|
||||
log_error("update_sigflag: write failed\n");
|
||||
return G10ERR_TRUSTDB;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return G10ERR_GENERAL; /* not implemented */
|
||||
}
|
||||
|
||||
|
||||
|
30
g10/tdbio.h
30
g10/tdbio.h
@ -40,11 +40,23 @@
|
||||
#define RECTYPE_HLST 11
|
||||
|
||||
|
||||
|
||||
#define DIRF_CHECKED 1 /* everything has been checked, the other bits are
|
||||
valid */
|
||||
#define DIRF_MISKEY 2 /* some keys are missing, so they could not be checked*/
|
||||
#define DIRF_ERROR 4 /* severe errors: the key is not valid for some reasons
|
||||
but we mark it to avoid duplicate checks */
|
||||
#define DIRF_REVOKED 8 /* the complete key has been revoked */
|
||||
|
||||
#define KEYF_REVOKED DIRF_REVOKED /* this key has been revoked
|
||||
(only useful on subkeys)*/
|
||||
#define UIDF_REVOKED DIRF_REVOKED /* this user id has been revoked */
|
||||
|
||||
|
||||
struct trust_record {
|
||||
int rectype;
|
||||
struct trust_record *next; /* help pointer to build lists in memory */
|
||||
struct trust_record *help_pref;
|
||||
struct trust_record *help_sig;
|
||||
int mark;
|
||||
ulong recnum;
|
||||
union {
|
||||
@ -64,11 +76,12 @@ struct trust_record {
|
||||
ulong uidlist; /* list of uid records */
|
||||
ulong cacherec; /* the cache record */
|
||||
byte ownertrust;
|
||||
byte sigflag;
|
||||
byte dirflags;
|
||||
} dir;
|
||||
struct { /* primary public key record */
|
||||
ulong lid;
|
||||
ulong next; /* next key */
|
||||
byte keyflags;
|
||||
byte pubkey_algo;
|
||||
byte fingerprint_len;
|
||||
byte fingerprint[20];
|
||||
@ -78,6 +91,7 @@ struct trust_record {
|
||||
ulong next; /* points to next user id record */
|
||||
ulong prefrec; /* recno of preference record */
|
||||
ulong siglist; /* list of valid signatures (w/o self-sig)*/
|
||||
byte uidflags;
|
||||
byte namehash[20]; /* ripemd hash of the username */
|
||||
} uid;
|
||||
struct { /* preference reord */
|
||||
@ -90,7 +104,7 @@ struct trust_record {
|
||||
ulong next; /* recnno of next record or NULL for last one */
|
||||
struct {
|
||||
ulong lid; /* of pubkey record of signator (0=unused) */
|
||||
byte flag; /* reserved */
|
||||
byte flag; /* SIGRF_xxxxx */
|
||||
} sig[SIGS_PER_RECORD];
|
||||
} sig;
|
||||
struct { /* cache record */
|
||||
@ -113,14 +127,15 @@ struct trust_record {
|
||||
typedef struct trust_record TRUSTREC;
|
||||
|
||||
typedef struct {
|
||||
ulong local_id; /* localid of the pubkey */
|
||||
ulong lid; /* localid */
|
||||
ulong sigrec;
|
||||
ulong sig_id; /* returned signature id */
|
||||
ulong sig_lid; /* returned signatures LID */
|
||||
unsigned sig_flag; /* returned signature record flag */
|
||||
struct { /* internal data */
|
||||
int init_done;
|
||||
int eof;
|
||||
TRUSTREC rec;
|
||||
ulong nextuid;
|
||||
int index;
|
||||
} ctl;
|
||||
} SIGREC_CONTEXT;
|
||||
@ -129,12 +144,13 @@ typedef struct {
|
||||
/*-- tdbio.c --*/
|
||||
int tdbio_set_dbname( const char *new_dbname, int create );
|
||||
const char *tdbio_get_dbname(void);
|
||||
void tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp );
|
||||
void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
|
||||
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
|
||||
int tdbio_write_record( TRUSTREC *rec );
|
||||
int tdbio_delete_record( ulong recnum );
|
||||
ulong tdbio_new_recnum(void);
|
||||
int tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec );
|
||||
int tdbio_update_sigflag( ulong lid, int sigflag );
|
||||
int tdbio_delete_uidrec( ulong dirlid, ulong uidlid );
|
||||
|
||||
|
||||
#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \
|
||||
|
909
g10/trustdb.c
909
g10/trustdb.c
File diff suppressed because it is too large
Load Diff
@ -39,12 +39,13 @@
|
||||
void list_trustdb(const char *username);
|
||||
void list_trust_path( int max_depth, const char *username );
|
||||
void list_ownertrust(void);
|
||||
void check_trustdb( const char *username );
|
||||
int init_trustdb( int level, const char *dbname );
|
||||
int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
|
||||
int query_trust_info( PKT_public_key *pk );
|
||||
int enum_trust_web( void **context, ulong *lid );
|
||||
int get_ownertrust( ulong lid, unsigned *r_otrust );
|
||||
int keyid_from_trustdb( ulong lid, u32 *keyid );
|
||||
int keyid_from_lid( ulong lid, u32 *keyid );
|
||||
int query_trust_record( PKT_public_key *pk );
|
||||
int insert_trust_record( PKT_public_key *pk );
|
||||
int update_ownertrust( ulong lid, unsigned new_trust );
|
||||
|
BIN
tools/mk-tdata
BIN
tools/mk-tdata
Binary file not shown.
@ -1,3 +1,11 @@
|
||||
Tue Jul 21 10:35:48 1998 Werner Koch (wk@(none))
|
||||
|
||||
* argparse.c: New option flag to distinguish options and commands.
|
||||
|
||||
Sat Jul 18 19:49:30 1998 Werner Koch (wk@(none))
|
||||
|
||||
* argparse.c (arg_parse): Added -? as alias for -h
|
||||
|
||||
Thu Jul 9 14:47:20 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||
|
||||
* secmem.c (secmem_init): Drops setuid if called with 0.
|
||||
|
@ -83,11 +83,12 @@
|
||||
* 4 = takes ulong argument
|
||||
* Bit 3 : argument is optional (r_type will the be set to 0)
|
||||
* Bit 4 : allow 0x etc. prefixed values.
|
||||
* Bit 7 : this is an command and not an option
|
||||
* If can stop the option processing by setting opts to NULL, the function will
|
||||
* then return 0.
|
||||
* @Return Value
|
||||
* Returns the args.r_opt or 0 if ready
|
||||
* r_opt may be -2 to indicate an unknown option.
|
||||
* r_opt may be -2/-7 to indicate an unknown option/command.
|
||||
* @See Also
|
||||
* ArgExpand
|
||||
* @Notes
|
||||
@ -157,6 +158,8 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno )
|
||||
s = "%s:%u: keyword too long\n";
|
||||
else if( arg->r_opt == -3 )
|
||||
s = "%s:%u: missing argument\n";
|
||||
else if( arg->r_opt == -7 )
|
||||
s = "%s:%u: invalid command\n";
|
||||
else
|
||||
s = "%s:%u: invalid option\n";
|
||||
log_error(s, filename, *lineno );
|
||||
@ -164,6 +167,8 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno )
|
||||
else {
|
||||
if( arg->r_opt == -3 )
|
||||
s = "Missing argument for option \"%.50s\"\n";
|
||||
else if( arg->r_opt == -7 )
|
||||
s = "Invalid command \"%.50s\"\n";
|
||||
else
|
||||
s = "Invalid option \"%.50s\"\n";
|
||||
log_error(s, arg->internal.last? arg->internal.last:"[??]" );
|
||||
@ -220,8 +225,8 @@ optfile_parse( FILE *fp, const char *filename, unsigned *lineno,
|
||||
arg->r_opt = opts[index].short_opt;
|
||||
if( inverse )
|
||||
arg->r_opt = -arg->r_opt;
|
||||
if( !opts[index].short_opt )
|
||||
arg->r_opt = -2; /* unknown option */
|
||||
if( !opts[index].short_opt ) /* unknown command/option */
|
||||
arg->r_opt = (opts[index].flags & 256)? -7:-2;
|
||||
else if( (opts[index].flags & 8) ) /* no argument */
|
||||
arg->r_opt = -3; /* error */
|
||||
else /* no or optiona argument */
|
||||
@ -279,7 +284,7 @@ optfile_parse( FILE *fp, const char *filename, unsigned *lineno,
|
||||
index = i;
|
||||
arg->r_opt = opts[index].short_opt;
|
||||
if( !opts[index].short_opt ) {
|
||||
arg->r_opt = -2; /* unknown option */
|
||||
arg->r_opt = (opts[index].flags & 256)? -7:-2;
|
||||
state = -1; /* skip rest of line and leave */
|
||||
}
|
||||
else
|
||||
@ -390,7 +395,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts)
|
||||
|
||||
arg->r_opt = opts[i].short_opt;
|
||||
if( !opts[i].short_opt ) {
|
||||
arg->r_opt = -2; /* unknown option */
|
||||
arg->r_opt = (opts[i].flags & 256)? -7:-2;
|
||||
arg->r.ret_str = s+2;
|
||||
}
|
||||
else if( (opts[i].flags & 7) ) {
|
||||
@ -438,12 +443,12 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts)
|
||||
break;
|
||||
}
|
||||
|
||||
if( !opts[i].short_opt && *s == 'h' )
|
||||
if( !opts[i].short_opt && ( *s == 'h' || *s == '?' ) )
|
||||
show_help(opts, arg->flags);
|
||||
|
||||
arg->r_opt = opts[i].short_opt;
|
||||
if( !opts[i].short_opt ) {
|
||||
arg->r_opt = -2; /* unknown option */
|
||||
arg->r_opt = (opts[i].flags & 256)? -7:-2;
|
||||
arg->internal.inarg++; /* point to the next arg */
|
||||
arg->r.ret_str = s;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user